An important part of maintaining online security is to create unique passwords for all of your online accounts. That way, even if one password is compromised, the scope of the damage a bad actor can do is limited.
To keep track of all those passwords, you need a password manager. The best password manager can help you organize all your accounts, generate new passwords on the fly, and keep all of your information secure.
There are dozens of password managers competing for your business, so how do you know which one is right for you? In this guide, we’ll highlight five features that you should think about when picking a password manager.
1. Where are your passwords stored?
One of the most important things to consider when choosing a password manager is where your passwords and other encrypted data will be stored. Generally speaking, there are two places data can be stored—on your device or in the cloud.
Having your passwords on your device can be appealing. You’re in control of your own data, and your passwords can’t be compromised when there is a hack at a data center that is potentially thousands of miles away. You also don’t have to worry about decrypting your passwords over a public Wi-Fi network when you’re away from home.
However, local storage has some drawbacks. Without a cloud connection, it can be hard to sync your passwords across devices. Some password managers, like mSecure and Sticky Password, get around this by enabling you to sync using your home Wi-Fi network.
The other problem is that if your device is stolen, your passwords are stolen with it. The thief won’t be able to decrypt your data without your master password. But unless you have a backup, all of your passwords will be gone. With a cloud-based password manager, you can always recover your passwords from any device.
2. Is the password manager zero-knowledge?
If you opt for a cloud-based password manager, it’s important to consider whether or not your provider actually has access to your password. Many popular password managers, including LastPass, Dashlane, and Keeper, operate using zero-knowledge encryption.
Under this security architecture, your passwords are encrypted on your device before being transmitted over the Internet to your provider’s servers. The encryption key—your master password—is never hosted on the servers. As a result, even if your provider’s servers are breached, the hackers can only get their hands on encrypted versions of your passwords.
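The flow described above, sketched with Node's built-in crypto module. This is an added example, not code from any of the products named here; the function names, the sample vault, and the choice of scrypt and AES-256-GCM are assumptions made for illustration.

```javascript
// Added illustration: names and the sample vault below are constructed.
const crypto = require('node:crypto');

// Client: stretch the master password into a 256-bit key. scrypt with Node's
// default cost settings is an assumption; the article names no KDF.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32);
}

// Client: encrypt the vault before upload. The returned record is all the
// provider stores: salt, nonce, auth tag and ciphertext, never the key.
function sealVault(masterPassword, vault) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const key = deriveKey(masterPassword, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(vault), 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct) };
}

// Client, on any device: download the record and decrypt it locally.
// Returns null for a wrong master password or a modified record.
function openVault(masterPassword, record) {
  const raw = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(masterPassword, raw(record.salt));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw(record.iv));
  decipher.setAuthTag(raw(record.tag));
  try {
    const pt = Buffer.concat([decipher.update(raw(record.ct)), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch (err) {
    return null; // GCM tag check failed: wrong key or tampered data
  }
}

// Constructed sample run: what the provider holds vs. what each client sees.
const vault = { 'mail.example': 'hunter2-constructed' };
const record = sealVault('correct horse battery staple', vault);
console.log('stored by provider:', record);
console.log('right password:', openVault('correct horse battery staple', record));
console.log('wrong password:', openVault('guess', record));
```

Anyone who copies the provider's database gets only the `record` fields, so the strength of the master password and the cost of the key derivation decide how hard an offline guessing attack is.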
The drawback of zero-knowledge encryption is that it creates problems in other areas. Password sharing is often impossible if zero-knowledge encryption is used, since you would necessarily need to transmit your encryption key to whomever you share your password with. Automatic password updating is also impossible within a zero-knowledge architecture.
3. Does it offer two-factor authentication?
Password manager providers generally put a lot of work into keeping their servers secure. But how secure is your own computer? The most likely way for a bad actor to get their hands on your passwords is to go through the client-side interface on your device, such as by using malware that logs your keystrokes.
The easiest way to defend against this is with two-factor authentication. With two-factor authentication enabled, a hacker might have your master password—but unless they also have your smartphone in hand, they still won’t be able to break into your password manager. Plus, the text you receive about a login attempt serves as an alert that someone is trying to break into your account.
Relatedly, it’s a good idea to look for a password manager that has an auto-lockout timer. This requires you to re-enter your master password (and go through two-factor authentication again) after you step away from the software for a few minutes.
4. Can you share your passwords?
Password sharing is tricky from a security standpoint because it potentially exposes your encryption key. However, if you work in a team—for example, if you’re using a password manager at work—then the ability to share passwords easily can be a key feature to look for. Some password managers enhance security by enabling you to send your encryption key separately from your encrypted password, preferably through a secure messenger.
Business users may also want to consider whether a password manager offers user access management features. Some business password managers like Dashlane enable administrators to set up user groups and assign user permissions for different passwords.
5. Is it compatible with your devices and browser?
Ideally, a password manager will work across all your devices. Most popular password managers support Windows and Mac computers as well as Android and iOS mobile devices. If you have any Linux devices to connect, make sure that your password manager supports this operating system.
It’s also worth considering whether there are browser extensions available. These are particularly helpful since extensions enable you to autofill login information as you access different sites. In that case, all you need is your single master password to log into all your online accounts.
Note that not all password managers offer support for all browsers. Some only have Chrome and Firefox extensions, while others, such as Bitwarden, support less common browsers like Opera and Tor. If you’re using password management software in a team, keep in mind that different individuals may use different web browsers.
Any well-built password manager will keep your account safe. But your password manager also has to be convenient enough for you to want to use it rather than go back to using a single password for everything. With these five tips, you can ensure that you’re choosing the best password manager for your needs.